Fetch Identity Provider token in protocol mapper


I have use case where I need to fetch extra information from an OIDC provider and add custom claims to the token keycloak generates.

I have wrote a custom Protocol Mapper and I’m stuck on how to fetch the IDP token (to do extra calls to the Idp) in the protocol mapper.

I know there is a keycloak API to read idp tokens but it needs to have the access token


I know this is an old question but I’m stuck with the same problem. When exchanging an external IdP token for an internal one, my custom Protocol Mapper needs to read claims from the external token.